CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
64.9%
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or crash the application.
lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
rhn.redhat.com/errata/RHSA-2015-2549.html
rhn.redhat.com/errata/RHSA-2015-2550.html
www.debian.org/security/2015/dsa-3430
www.ubuntu.com/usn/USN-2834-1
xmlsoft.org/news.html
bugzilla.redhat.com/show_bug.cgi?id=1281925
git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc
git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da
github.com/advisories/GHSA-jxjr-5h69-qw3w
github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-7499.yml
groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
nvd.nist.gov/vuln/detail/CVE-2015-7499
security.gentoo.org/glsa/201701-37
web.archive.org/web/20210724022841/www.securityfocus.com/bid/79509
web.archive.org/web/20211205133229/https://securitytracker.com/id/1034243